The email came from the hospital's "Director of Information Managment and Technology" and included the Hospital's logo.
Another of the newly discovered ransomware emails was to the staff at an aquarium with locations in multiple countries. And it appeared to be nicely branded.
Both attacks were spotted by Proofpoint and they've discovered others targeted primarily at Healthcare and Education sectors. The delivery method involves messages with a Microsoft Word document containing an embedded executable.
"Defray" is the moniker of this newly discovered ransomware strain. "We selected the name 'Defray' based on the command and control (C&C) server hostname from the first observed attack: defrayable-listings[.]000webhostapp[.]com," the security company said.
Once this new ransomware does its damage, it even includes a note to IT that says something like these free ransomware decryption tools will not work as a fix.
Worth noting: these appear to be focused ransomware attacks instead of a widespread shotgun type approach. So the customized spear phishing used here may make it more difficult for employees to spot these as a fake.
SecureWorld will let you know if this new strain becomes more widespread.
